authorbptato <nincsnevem662@gmail.com>2024-06-20 21:28:23 +0200
committerbptato <nincsnevem662@gmail.com>2024-06-20 22:38:33 +0200
commit7f66b5ebc88936db974e3320d77c7ec9d4ab85e6 (patch)
tree669b2c307e2ea84476d6bbfd46ef127c0fc1c6f9 /src/utils
parent2ab1e53b4bc15af3319994fdb25bb739b4b8e6db (diff)
downloadchawan-7f66b5ebc88936db974e3320d77c7ec9d4ab85e6.tar.gz
img: use stb_image, drop zlib as dependency
Now we have decoders for gif, jpeg, bmp. Also, the in-house PNG decoder
has been replaced in favor of the stbi implementation; this means we
no longer depend on zlib, since stbi comes with a built in inflate
implementation.
Diffstat (limited to 'src/utils')
-rw-r--r--src/utils/sandbox.nim5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/utils/sandbox.nim b/src/utils/sandbox.nim
index 0e79ec06..ce9b194e 100644
--- a/src/utils/sandbox.nim
+++ b/src/utils/sandbox.nim
@@ -91,6 +91,7 @@ elif defined(linux) and not disableSandbox:
       "gettimeofday", # used by QuickJS in Date.now()
       "mmap", # memory allocation
       "mmap2", # memory allocation
+      "mremap", # memory allocation
       "munmap", # memory allocation
       "pipe", # for pipes to child process
       "pipe2", # for when pipe is implemented as pipe2
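Review bot: The new `"mremap"` entry carries only the generic `# memory allocation` comment, while neighbouring entries name the caller that needs the syscall (`gettimeofday` cites QuickJS). Each allow-list entry widens what a compromised process may call, so the reason should be recorded. Presumably it is the allocator's realloc path growing large buffers for the new image decoders; if that is confirmed, the line could read `"mremap", # realloc of large mmap'd buffers (image decoding)`. The same applies to the `"mremap"` added to the network-process list in the second hunk, where the need is less obvious from the commit message. The list begins and ends outside the hunk.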
@@ -125,13 +126,13 @@ elif defined(linux) and not disableSandbox:
     onSignal SIGSYS:
       discard sig
       raise newException(Defect, "Sandbox violation in network process")
-    let ctx = seccomp_init(SCMP_ACT_TRAP)
+    let ctx = seccomp_init(SCMP_ACT_KILL_PROCESS)
     doAssert pointer(ctx) != nil
     const allowList = [
       cstring"close", "exit_group", # duh
       "read", "write", "recv", "send", "recvfrom", "sendto", # socket i/o
       "fcntl", "fcntl64", # so we can set nonblock etc.
-      "mmap", "mmap2", "munmap", "brk", # memory allocation
+      "mmap", "mmap2", "mremap", "munmap", "brk", # memory allocation
       "poll", # curl needs poll
       "getpid", # used indirectly by OpenSSL EVP_RAND_CTX_new (through drbg)
       "fstat", # glibc fread seems to call it
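Review bot: With the default action changed to `SCMP_ACT_KILL_PROCESS`, the `onSignal SIGSYS` handler kept just above the `seccomp_init` call can no longer run for a filter violation. The kernel terminates the process without delivering a catchable signal, so the "Sandbox violation in network process" Defect is never raised. Either drop the handler or keep it with a comment such as `# not reached for filter violations: default action is KILL_PROCESS`. A missing allow-list entry would then be diagnosed from the parent seeing the child die from SIGSYS, or from the audit log. The enclosing block starts and ends outside the hunk, so whether another path still depends on the handler is not visible here.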